ansible/roles/matrix/tasks/main.yml

#!/usr/bin/ansible-playbook
# vim:ft=ansible:
---
- name: Set up Matrix
  block:
    - name: Set up repos
      block:
        - name: Add repo keys
          apt_key:
            url: "{{ item }}"
          loop:
            - "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"
        - name: Add repos
          apt_repository:
            repo: "{{ item }}"
          loop:
            - "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"
        - name: Install packages
          apt:
            name:
              - matrix-synapse-py3
              - python3-psycopg2
    - name: Set up PostgreSQL
      block:
        - name: Create DB user
          postgresql_user:
            name: matrix
            password: "{{ matrix.db_password }}"
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"
        - name: Create DB
          postgresql_db:
            name: matrix
            owner: matrix
            lc_collate: C
            lc_ctype: C
            login_host: "{{ matrix_db_hostname }}"
            login_user: "{{ psql.ansible.user }}"
            login_password: "{{ psql.ansible.pass }}"
      when: matrix_db_hostname is defined
    - name: Set up Apache
      block:
        - name: Template out config
          template:
            src: "apache2-matrix.conf"
            dest: "/etc/apache2/conf-available/matrix.conf"
          notify: restart apache
        - name: Enable configs
          command:
            cmd: a2enconf "{{ item }}"
            creates: "/etc/apache2/conf-enabled/{{ item }}.conf"
          loop:
            - matrix
          notify: restart apache
        - name: Enable modules
          command:
            cmd: a2enmod "{{ item }}"
            creates: "/etc/apache2/mods-enabled/{{ item }}.load"
          loop:
            - proxy
            - proxy_http
          notify: restart apache
        - name: Template out vhost
          template:
            src: "apache2-vhost-ssl.conf"
            dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"
          notify: restart apache
        - name: Create webroot
          file:
            state: directory
            path: "{{ matrix_webroot }}"
        - name: Enable site
          command:
            cmd: "a2ensite {{ matrix.url }}.conf"
            creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"
          notify: restart apache
        - name: Generate certificate
          include_role:
            name: https
          vars:
            website_url: "{{ matrix.url }}"
    - name: Configure Synapse
      template:
        src: "{{ item.src }}"
        dest: "{{ item.dest }}"
        mode: "{{ item.mode }}"
      loop:
        - { src: "homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml", mode: "0644" }
        - { src: "server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml", mode: "0644" }
      notify: restart synapse
    - name: Check for secrets
      stat: path="/etc/matrix-synapse/conf.d/shared_secrets.yaml"
      register: p
    - name: Generate secrets
      block:
        - name: Generate registration_shared_secret
          command: pwgen 32 1
          register: matrix_reg_secret
        - name: Generate turn_shared_secret
          command: pwgen 32 1
          register: matrix_turn_secret
        - name: Template out shared_secrets.yaml
          template:
            src: "shared_secrets.yaml"
            dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"
            mode: "0640"
            owner: "matrix-synapse"
            group: "root"
          notify: restart synapse
      when: not p.stat.exists
    - name: Template out backup module
      template:
        src: "backup.sh"
        dest: "/opt/backups/modules/{{ matrix.url }}.sh"
        mode: "0600"
  become: yes
Add part of a matrix setup 2020-06-21 10:22:01 -05:00			`#!/usr/bin/ansible-playbook`
			`# vim:ft=ansible:`
			`---`
			`- name: Set up Matrix`
			`block:`
			`- name: Set up repos`
			`block:`
			`- name: Add repo keys`
			`apt_key:`
			`url: "{{ item }}"`
			`loop:`
			`- "https://packages.matrix.org/debian/matrix-org-archive-keyring.gpg"`
			`- name: Add repos`
			`apt_repository:`
			`repo: "{{ item }}"`
			`loop:`
Have Matrix install for the right distro by default 2020-08-28 17:07:14 -05:00			`- "deb https://packages.matrix.org/debian/ {{ ansible_distribution_release }} main"`
Add part of a matrix setup 2020-06-21 10:22:01 -05:00			`- name: Install packages`
			`apt:`
			`name:`
Add deps for pleroma and matrix 2020-08-01 22:13:43 -05:00			`- matrix-synapse-py3`
Install the right package 2020-08-01 22:17:14 -05:00			`- python3-psycopg2`
Move Matrix to a dedi psql 2020-08-01 20:59:55 -05:00			`- name: Set up PostgreSQL`
			`block:`
			`- name: Create DB user`
			`postgresql_user:`
			`name: matrix`
Reorganize matrix and nc vars 2020-08-02 19:43:08 -05:00			`password: "{{ matrix.db_password }}"`
Move Matrix to a dedi psql 2020-08-01 20:59:55 -05:00			`login_host: "{{ matrix_db_hostname }}"`
More variable refactoring 2020-08-02 19:36:46 -05:00			`login_user: "{{ psql.ansible.user }}"`
			`login_password: "{{ psql.ansible.pass }}"`
Move Matrix to a dedi psql 2020-08-01 20:59:55 -05:00			`- name: Create DB`
			`postgresql_db:`
			`name: matrix`
			`owner: matrix`
			`lc_collate: C`
			`lc_ctype: C`
			`login_host: "{{ matrix_db_hostname }}"`
More variable refactoring 2020-08-02 19:36:46 -05:00			`login_user: "{{ psql.ansible.user }}"`
			`login_password: "{{ psql.ansible.pass }}"`
Only try to configure our DB if it's defined 2020-08-02 08:06:38 -05:00			`when: matrix_db_hostname is defined`
Working on more Matrix stuffs, adding creds for SES 2020-06-21 10:46:49 -05:00			`- name: Set up Apache`
			`block:`
More work on Matrix deployment, configure apache on 8448 2020-06-22 04:43:05 -05:00			`- name: Template out config`
			`template:`
			`src: "apache2-matrix.conf"`
Fix missing quote 2020-06-22 04:44:14 -05:00			`dest: "/etc/apache2/conf-available/matrix.conf"`
More work on Matrix deployment, configure apache on 8448 2020-06-22 04:43:05 -05:00			`notify: restart apache`
			`- name: Enable configs`
			`command:`
			`cmd: a2enconf "{{ item }}"`
Really fix it 2020-06-22 05:07:25 -05:00			`creates: "/etc/apache2/conf-enabled/{{ item }}.conf"`
More work on Matrix deployment, configure apache on 8448 2020-06-22 04:43:05 -05:00			`loop:`
			`- matrix`
			`notify: restart apache`
Working on more Matrix stuffs, adding creds for SES 2020-06-21 10:46:49 -05:00			`- name: Enable modules`
			`command:`
			`cmd: a2enmod "{{ item }}"`
			`creates: "/etc/apache2/mods-enabled/{{ item }}.load"`
			`loop:`
			`- proxy`
			`- proxy_http`
			`notify: restart apache`
			`- name: Template out vhost`
			`template:`
			`src: "apache2-vhost-ssl.conf"`
Reorganize matrix and nc vars 2020-08-02 19:43:08 -05:00			`dest: "/etc/apache2/sites-available/{{ matrix.url }}.conf"`
notify: restart apache a lot 2020-06-22 06:33:57 -05:00			`notify: restart apache`
Working on more Matrix stuffs, adding creds for SES 2020-06-21 10:46:49 -05:00			`- name: Create webroot`
			`file:`
			`state: directory`
			`path: "{{ matrix_webroot }}"`
			`- name: Enable site`
			`command:`
Reorganize matrix and nc vars 2020-08-02 19:43:08 -05:00			`cmd: "a2ensite {{ matrix.url }}.conf"`
			`creates: "/etc/apache2/sites-enabled/{{ matrix.url }}.conf"`
Working on more Matrix stuffs, adding creds for SES 2020-06-21 10:46:49 -05:00			`notify: restart apache`
			`- name: Generate certificate`
			`include_role:`
			`name: https`
			`vars:`
Reorganize matrix and nc vars 2020-08-02 19:43:08 -05:00			`website_url: "{{ matrix.url }}"`
Working on more Matrix stuffs, adding creds for SES 2020-06-21 10:46:49 -05:00			`- name: Configure Synapse`
			`template:`
			`src: "{{ item.src }}"`
			`dest: "{{ item.dest }}"`
			`mode: "{{ item.mode }}"`
			`loop:`
I DIDN'T CHANGE THE SOURCE EXTENSIONS 2020-06-21 11:28:11 -05:00			`- { src: "homeserver.yaml", dest: "/etc/matrix-synapse/homeserver.yaml", mode: "0644" }`
			`- { src: "server_name.yaml", dest: "/etc/matrix-synapse/conf.d/server_name.yaml", mode: "0644" }`
Move notify on templating configs 2020-06-21 11:12:38 -05:00			`notify: restart synapse`
Generate secrets for Matrix 2020-06-22 04:08:03 -05:00			`- name: Check for secrets`
			`stat: path="/etc/matrix-synapse/conf.d/shared_secrets.yaml"`
			`register: p`
			`- name: Generate secrets`
			`block:`
			`- name: Generate registration_shared_secret`
			`command: pwgen 32 1`
			`register: matrix_reg_secret`
Generate turn secrets 2020-06-22 04:09:24 -05:00			`- name: Generate turn_shared_secret`
			`command: pwgen 32 1`
			`register: matrix_turn_secret`
Generate secrets for Matrix 2020-06-22 04:08:03 -05:00			`- name: Template out shared_secrets.yaml`
			`template:`
Fix typo 2020-06-22 04:28:38 -05:00			`src: "shared_secrets.yaml"`
Generate secrets for Matrix 2020-06-22 04:08:03 -05:00			`dest: "/etc/matrix-synapse/conf.d/shared_secrets.yaml"`
			`mode: "0640"`
			`owner: "matrix-synapse"`
			`group: "root"`
Also restart synapse forgot about that 2020-06-22 04:10:32 -05:00			`notify: restart synapse`
Generate secrets for Matrix 2020-06-22 04:08:03 -05:00			`when: not p.stat.exists`
Make matrix backups 2020-06-22 11:05:56 -05:00			`- name: Template out backup module`
			`template:`
			`src: "backup.sh"`
Reorganize matrix and nc vars 2020-08-02 19:43:08 -05:00			`dest: "/opt/backups/modules/{{ matrix.url }}.sh"`
Make matrix backups 2020-06-22 11:05:56 -05:00			`mode: "0600"`
Add part of a matrix setup 2020-06-21 10:22:01 -05:00			`become: yes`